cf5bad95a299fb3c3f29ef77cd33ac9b3da0fa0afbb8b13346d55f2f69506ca1

Analysis

max time kernel
29s
max time network
169s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
12-06-2024 14:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a0f6c199b4919a55123d405290b6a7d9_JaffaCakes118.apk
Size

6.0MB
MD5

a0f6c199b4919a55123d405290b6a7d9
SHA1

07a1e752e2967125bca6c5b10585c967b71dac2c
SHA256

cf5bad95a299fb3c3f29ef77cd33ac9b3da0fa0afbb8b13346d55f2f69506ca1
SHA512

68015b530e88db5b728b2befb27ab2d8817a0ea0d265f3b85ebbdd7f37e2bba38e08e4983881fc0537d6650b4e8335d79d0699612dc3c3577ec0e64ad9933566
SSDEEP

196608:hPhozeGsQVA6aBL1nnFuFdIGA/4VjDhf0K6:hmJSB1nnAFa7Q9Dhf56

Score

8^/10

discovery evasion execution persistence stealth trojan

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 4 IoCs

evasion

T1426

Processes:

com.abtnprojects.ambatana.hack

ioc	process
/data/local/su	com.abtnprojects.ambatana.hack
/data/local/bin/su	com.abtnprojects.ambatana.hack
/data/local/xbin/su	com.abtnprojects.ambatana.hack
/sbin/su	com.abtnprojects.ambatana.hack

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.abtnprojects.ambatana.hack

pid process

4283 com.abtnprojects.ambatana.hack
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.abtnprojects.ambatana.hack

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.abtnprojects.ambatana.hack
Acquires the wake lock 1 IoCs

Processes:

com.abtnprojects.ambatana.hack

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.abtnprojects.ambatana.hack
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.abtnprojects.ambatana.hack

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.abtnprojects.ambatana.hack
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.abtnprojects.ambatana.hack

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.abtnprojects.ambatana.hack
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.abtnprojects.ambatana.hack

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.abtnprojects.ambatana.hack
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.abtnprojects.ambatana.hack

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.abtnprojects.ambatana.hack
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.abtnprojects.ambatana.hack

description ioc process

File opened for read /proc/cpuinfo com.abtnprojects.ambatana.hack
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.abtnprojects.ambatana.hack

description ioc process

File opened for read /proc/meminfo com.abtnprojects.ambatana.hack

pid	process
4283	com.abtnprojects.ambatana.hack

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.abtnprojects.ambatana.hack

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.abtnprojects.ambatana.hack

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.abtnprojects.ambatana.hack

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.abtnprojects.ambatana.hack

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.abtnprojects.ambatana.hack

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.abtnprojects.ambatana.hack

description	ioc	process
File opened for read	/proc/cpuinfo	com.abtnprojects.ambatana.hack

description	ioc	process
File opened for read	/proc/meminfo	com.abtnprojects.ambatana.hack

com.abtnprojects.ambatana.hack
1⤵
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4283

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.abtnprojects.ambatana.hack/databases/OneSignal.db-journal
Filesize
512B

MD5
c9602f3ca257eca12f8f8967b1903650

SHA1
379db0432ee396b025296f258aa249873390147b

SHA256
fc771f5e8a3dd933030af65bcd757af6d6a4760b1fd7cb4f1eda5e3d588c3ae4

SHA512
b689479fb052ad91530a38ee1eca57b1e273ba4966b8d620f97968941c72a5a07176a03d8cf96efc34fc0f4aeacb9f07c802108b262264bc512fc15495be6eb4

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/OneSignal.db-wal
Filesize
52KB

MD5
412f659e7b8fd6e9d35ad11abe0d5664

SHA1
ba4778f5e351fa76fa0715b6435c3a24b2fffda6

SHA256
1de8c0a1c72e8a2b7385760532eac29c825dfa64860c3a5078e067b047b415e5

SHA512
94eac9e6870933822ad7ca07b93b8eee319c24ca9265b722e8842f2650360e44864ecdd3341e3cb33eeee17a81cd71596f53c28cab83b9fd577c2b6c0bb66f56

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/evernote_jobs.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/evernote_jobs.db-journal
Filesize
512B

MD5
9bb3f7db4f2c7a3f10863b5fe4ee8edf

SHA1
34ac47ab8c9d8677c4e7a7e51462ac2b7347b87a

SHA256
371305d13c44a52e23539fee9d3188339844686c03b06cb2e5c3f50b406affa9

SHA512
249c1bdf7c62ea494864eb45898f12db59ec7d7ca5051fea51c3f691df43aad785f7936f2a88f7c60d7b1c5e5e26ef65a8902b03d1d6dec7d36860b3f2a4c9f5

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/evernote_jobs.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/evernote_jobs.db-wal
Filesize
32KB

MD5
45289281443bb05f4d9d7d94e1a187ea

SHA1
5814a727b4b082fe84f01dd999881529b3526306

SHA256
2c823f5004bde462f186abd4d01b3a9a92097609d5f3b10a392b6c181dd91153

SHA512
da02b42bddde4a5cb4f38ee5a929b28563b860feb0fae40d7b5ce78558f9d40e6007707afbab79c2ed3b1cf6db933b5e8bb691dd33ba4c9184320a6890d0f77c

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
ab833a806f3cd164146953533f5716fa

SHA1
2a224e70be0a8c4e7f6355ce335f45f88d86377b

SHA256
f9da64fc6464ed176c80dd46d883260a8295838a9e76e5444526b50f92cb80ea

SHA512
060a297d76c5d59d92d7f49ba725c0a48ba72ed827a5152120ca54d41a25d5726df78b8b81f1bed6d3759dd3eff73b96fea02b24bfe134691be27b57a2f46f4d

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
580b6f0a3c824397261c463f6f043bb4

SHA1
b13d579144a8cd041fd99d0c50aecdce1de7d9de

SHA256
b73eaf57a65973edf6cc4dca61c515526fd07e2adbc9c461cf2e7c2aac966441

SHA512
62886156f8af58b6614d5bfc011825e85817556884309f1ff1c65fbc586a723e3c71756879c006e208ae9254fa3310eef765d897bf15b5b3549eea2cbebb6ec4

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
ac9876a1c840fe2bd60d420667c9557f

SHA1
4f2f1817bc0c5b722c8036c32fd4cf75d5706ea3

SHA256
63cf9063b0f02d9de6cce2f584dee090a8dca03cc41aeac620bf4bdf9000c66a

SHA512
4f6b297b5e47e64be494b6a55be07d46290f41b76bf9e47fd93889347d0062ad90accc7783e68d4e88a10ad660fbc2112d0d9388aa2a403008dc3ab222f88140

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
b40d29754c603d9a3a247c7b908bb71e

SHA1
bffd69d264e3d8113aac374ca23c5742bac46e44

SHA256
fc16bcd8bb24d3552774ceb1c1d8d1ce6a2322a26dbe0bba22ac3008b72194de

SHA512
37082fc48095e48670be3cd0305a101c4c471f4f861c84d047e74b2851f39be80b8a80c3ccfd893d84cdaa1577bb94f9bf80e112c8287d6ae3695ac0452d61c3

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
44693692da738db6eb133cf0e4cde91b

SHA1
e6bda56494c325d8d37ad89552263ae85d9b0550

SHA256
8fe0ac9db76d4a2dcd3b3d54c0efedcd223e25aabf716506493d50e243a7a2d4

SHA512
b34ddfe1ae343b1b12f7029ae476a0ba8e1b4043ccb520afb412b3f71335ef679bf29723c9a5c00af7e922e9982d5b3af54b2ed779da8cb601f378e5b9d26be5

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db-journal
Filesize
512B

MD5
18cee840a0f524225a820bbddce22087

SHA1
0b5975838eaa60f3dd63e39d02c5586e41a667e1

SHA256
fe441ed852636de0bfec2d41c5c24a05585ca5bbf15a3fcb80ebf09785a8790a

SHA512
8258eabc115de3d9091e206ed665e7c39dd2d0e4ced9ea0c4bd0b3462fa0d2770e4cfc92584a0deb75e676c3fab2d78552727fd393185762d69ae2efda390183

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db-wal
Filesize
36KB

MD5
8f55bd140c8f835fe6925f7fba17523d

SHA1
7d0fd3b91afd35ccfec6559a7f70ce25e00563b7

SHA256
5ef7eea022b0ba47d0426afd0b20527ea7a5737b465c4fe81e705994f00ac87f

SHA512
4ef259b116ccb7cf9e08f0ce1fa9b500048f6c591bd9ba2f088b22fd97f6a761204a53d0ed3bf6945e2299edbdd77979136d10e1460f37a63e1dfe02bd0cb879

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
687c1d897f7e9d30e9a0fd711b81c5cc

SHA1
e0a77720a0772258555962b53c9fe216fe3b0d7c

SHA256
48ba47d330cd34b1ee63382668de4678f7d4b5b89d9eedb67aa37416c219a6f2

SHA512
0e40371b44ba52e16f28245b025c95139c339669e1eb1b05be381496c0e59623a2ea748c6e0486bb87b112a2ef6abd72e3b03bc4b8eb049480eee4e441204b1c

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
c3acab9d0c76899e3273a1d9abfd1cec

SHA1
adf7afce77321f2eddf9b2bbd920702c2ccc0278

SHA256
d4106cfb5ee2016023553ac8abab9d48094567a5df9d4f59cc22fed1632ca178

SHA512
498262be85510712ea46efc9897d1ed9f793c65ee673d1481364c24f9af44c6bb39ccbe3981ecf1f215938a5274b5068d1239f2f9d73a42130e93f99bdb27f7f

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
17e4347971a47060120383bece4849fe

SHA1
ea5df1a5dee9cc433c81699057a1f2712c04ae83

SHA256
cd8687eda4a3858efae30b2eda1a4d70d2520791aa9dd45ecf0447b4436ef13f

SHA512
a1b5668e22bc8d7d07bb3d450cbf0848a0a708bad08a9c5162dba145486f241fb09af53a09cb1b537060aa7e769e034bcd4a388817e48ac095c35d3e94331375

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
34760c0468e4a01a503c48d20eb327da

SHA1
1e7a7f5ad519c22acc677109d0cd3013cf95b026

SHA256
115b50064d6f06831984d1c45b15a2ab9784aa04b6ee0f0f94c712786d8e4dba

SHA512
293bf2d54445dd1d98aee48e42de35e0789edde3790aa7551d67753eb9e229c7f3dfc5f40681dbc352e196469b6aaf65d65e83b8aaf551bc0182f52d11635f51

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
f54fcc90a93e84d20ad8977f895c1766

SHA1
23798c15a336ab43edf62d35629a97e31a4d044c

SHA256
022d90db916571f5d1e2da0ceeadabfa67554b1618da9b703fd9c7b728c851fa

SHA512
969b3f15b3a714b73a29af235a6b8d67ed097bda0640c155db5ed56862f1f80b03b4a6e738bc714e8ee0995649f1274f3c214a302607989254588a499a4b42ac

Download Submit
/data/data/com.abtnprojects.ambatana.hack/no_backup/com.google.InstanceId.properties
Filesize
2KB

MD5
fba513f4ff358b2a040e5138bee2f485

SHA1
ec95774c3df21805df8f4778ca93b32efd54b204

SHA256
9ce26bb83607abd62f89b476bda4efae2e3eeb94d34399df6fb6ffde214bf2a0

SHA512
4309a28bbf8e09913658ede53f0336b354f7328e94804bd5dbcab370effb8c95a9959a9ff591b688ce08d8c8b0d16a0ade912f092e5718217fcb3730e4b2c90f

Download Submit